jwt-go icon indicating copy to clipboard operation
jwt-go copied to clipboard

Published 20 hours ago verified publisher icon dgrijalva

[Documentation] Keyfunc

Open moloch-- opened this issue 3 years ago • 1 comments

The https://pkg.go.dev/github.com/dgrijalva/jwt-go#Keyfunc does not specify what should be returned, it simply says "supply the key for verification." Should the function return the JSON key structure? A byte array of the base64 encoded public key? A byte array of the raw key material? A PEM encoded key? A parsed RSA Key?

The documentation should specify what is returned when, assuming different values should be returned for different signing mechanism.

The function signature is also documented as func(token *jwt.Token) ([]byte, error), however in practice it seems the function must be implemented as func(token *jwt.Token) (interface{}, error)

moloch-- avatar Feb 28 '21 16:02 moloch--

For anyone that finds this, you want to return the parsed rsa.* key or ecsda.* key, not a []byte.

moloch-- avatar Mar 03 '21 13:03 moloch--